qibing_ac1_681.exe

TODO: <产品名>

湖南蓝途方鼎科技有限公司

The executable qibing_ac1_681.exe has been detected as malware by 21 anti-virus scanners.
Publisher:
北京小拇指科技公司  (signed by 湖南蓝途方鼎科技有限公司)

Product:
TODO: <产品名>

Description:
TODO: <文件说明>

Version:
1.0.0.1

MD5:
d16134c1a1a8231a1108a3d31290173f

SHA-1:
66371591afbcc38e07218a513ca00e3436e55212

SHA-256:
0eb838f37314cc6c77b84c1044aaa78e12d26ebd80286ed6f3826516dbac6b3b

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
11/24/2024 7:34:52 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.3260949 | 185 |
| Avira AntiVirus | TR/Valcaryx.ikjo | 8.3.3.4 |
| Arcabit | Trojan.Generic.D31C215 | 1.0.0.696 |
| avast! | Win32:Malware-gen | 2014.9-160803 |
| AVG | Generic37 | 2017.0.2663 |
| Bitdefender | Trojan.GenericKD.3260949 | 1.0.20.1080 |
| Emsisoft Anti-Malware | Trojan.GenericKD.3260949 | 8.16.08.03.04 |
| Fortinet FortiGate | Malware_Generic.P0 | 8/3/2016 |
| F-Secure | Trojan.GenericKD.3260949 | 11.2016-03-08_4 |
| G Data | Trojan.GenericKD.3260949 | 16.8.25 |
| IKARUS anti.virus | Trojan.Win32.Valcaryx | t3scan.2.0.9.0 |
| K7 AntiVirus | Riskware | 13.226.19749 |
| McAfee | Artemis!D16134C1A1A8 | 5600.6319 |
| Microsoft Security Essentials | Trojan:Win32/Valcaryx.A | 1.1.12805.0 |
| MicroWorld eScan | Trojan.GenericKD.3260949 | 17.0.0.648 |
| nProtect | Trojan.GenericKD.3260949 | 16.05.30.01 |
| Panda Antivirus | Trj/CI.A | 16.08.03.04 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1120 |
| Rising Antivirus | Trojan.Valcaryx!8.5502-3fxFxsvXHsS (Cloud) | 23.00.65.16801 |
| Trend Micro | TROJ_GEN.R0EBC0DER16 | 10.465.03 |
| Zillya! Antivirus | Trojan.GenericKD.Win32.9731 | 2.0.0.2898 |

File size:
1.5 MB (1,591,024 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (C) <北京小拇指科技公司>。保留所有权利。

Original file name:
CavalryPlayer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\qibing_ac1_681.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/2/2015 8:00:00 AM

Valid to:
5/2/2016 7:59:59 AM

Subject:
CN=湖南蓝途方鼎科技有限公司, O=湖南蓝途方鼎科技有限公司, L=长沙市, S=湖南省, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2AC01DE88063BADB080008853FDD8C6C

File PE Metadata
Compilation timestamp:
5/23/2016 9:51:18 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:qg5bo36S/JVmyb2T7jqsuFtz1FaWfw2M52D5NLP4uv0G/iq2g:qglo36S9q6zn1NM52N1P3vFh2g

Entry address:
0x28DDF

Entry point:
E8, B5, 63, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 48, 18, 45, 00, 75, 02, F3, C3, E9, 37, 64, 00, 00, 8B, FF, 51, C7, 01, 5C, 3D, 44, 00, E8, 2F, 65, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, CB, 30, FE, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 72, 65, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 51, 53, 56, 57, FF, 35, 28, 80, 45, 00, E8, 3F, 5D, 00, 00, FF, 35...
 

Entropy:
4.1590

Code size:
251.5 KB (257,536 bytes)
